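<?php
// edituser.php - admin page for editing another user's level, cookies, points,
// signature, quote and public e-mail address.
//
// NOTE(review): the rendered listing this was reconstructed from dropped the
// brace-only lines, so the grouping of the POST handler below follows the
// line-number gaps in the original; confirm against the repository copy.
require 'config.php';
$level_restriction = ADMIN;
$require_login = true;
$page_name = 'Edit User';
require 'top.inc.php';          // enforces login/level and provides $userinfo
include 'include/levels.php';

// Fetch the row of the user being edited, or false when no such user exists.
// $uid is cast again here so the query literal is always an integer.
function edituser_fetch($uid)
{
    return mysql_fetch_assoc(mysql_query('SELECT * FROM `users` WHERE `user` = '.intval($uid)));
}

// The target user ID comes from the query string. A missing or non-numeric
// value becomes 0, which matches no row and is reported as an invalid ID below.
$edit_id = isset($_GET['user']) ? intval($_GET['user']) : 0;
$user2 = edituser_fetch($edit_id);

// Authorisation is decided BEFORE any write. The original ran the UPDATE first
// and only refused to render the form afterwards, so an ADMIN could still
// modify user 1 or a higher-level account by posting the form directly.
if ( !$user2 )
{
    print('<p class="alert">Invalid user ID.</p>');
    footer();
    exit; // footer() comes from the shared includes; exit guarantees the form below is never emitted
}
elseif ( $user2['level'] > $userinfo['level'] || intval($user2['user']) === 1 )
{
    print('<p class="alert">You cannot edit this user\'s info.</p>');
    footer();
    exit;
}

// Same-origin check on the Referer header to prevent remote form submitting.
// The header may be absent (privacy settings, proxies), so test for it before
// reading it. A per-session CSRF token would be a stronger replacement.
$same_origin = isset($_SERVER['HTTP_REFERER'])
    && strpos($_SERVER['HTTP_REFERER'], 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']) === 0;

if ( isset($_POST['submit']) && $same_origin )
{
    $new_level = isset($_POST['levlev']) ? intval($_POST['levlev']) : 0;

    // An editor may not grant a level above their own: the rule above already
    // forbids editing such users, so assigning the level would sidestep it.
    if ( $new_level > $userinfo['level'] )
    {
        echo '<p class="alert">You cannot assign a level higher than your own.</p>';
    }
    else
    {
        // Numeric columns are cast with intval(); string columns go through
        // mysql_real_escape_string() (needs the connection opened by config.php).
        mysql_query('UPDATE `users` SET
        `level` = '.$new_level.',
        `cookies` = '.intval($_POST['cookies']).',
        `points` = '.intval($_POST['points']).',
        `sig` = \''.mysql_real_escape_string($_POST['sig']).'\',
        `quote` = \''.mysql_real_escape_string($_POST['quote']).'\',
        `public_email` = \''.mysql_real_escape_string($_POST['public_email']).'\'
        WHERE `user` = '.$edit_id.' LIMIT 1');

        if ( isset($_POST['clear_email']) )
            mysql_query('UPDATE `users` SET `private_email` = \'\' WHERE `user` = '.$edit_id.' LIMIT 1');

        echo '<p class="alert">User updated.</p>';

        // Re-read the row so the form shows the stored values, not the stale copy.
        $user2 = edituser_fetch($edit_id);
    }
}

// Edit form. Every value taken from the database is HTML-escaped before it is
// placed in an attribute or element body.
echo '<form method="post" action="?user=',$edit_id,URL_APPEND,'">
<h3>Editing info for ',userlink($user2['user']),' (User ID ',$user2['user'],')</h3>

<table>
<tr class=',colour(),'><th scope="col">User Level</th><td><select name="levlev">',"\n";

foreach ( $cfg['levels'] as $num => $nam )
    echo '<option value="',$num,'"',( $user2['level'] == $num ? ' selected="selected"' : '' ),'>',$num,': ',$nam,"</option>\n";

echo '</select></td></tr>

<tr class=',colour(),'><th scope="col">',$strings['cookies'],'</th>
<td><input type="text" name="cookies" value="',htmlspecialchars($user2['cookies']),'"/></td></tr>
<tr class=',colour(),'><th scope="col">',$strings['points'],'</th>
<td><input type="text" name="points" value="',htmlspecialchars($user2['points']),'"/></td></tr>
<tr class=',colour(),'><th scope="col">Private Email</th>
<td>',htmlentities($user2['private_email']),' | <label><small>Clear </small><input type="checkbox" name="clear_email"/></label></td></tr>
<tr class=',colour(),'><th scope="col">Public Email</th>
<td><input type="text" name="public_email" value="',htmlspecialchars($user2['public_email']),'"/></td></tr>
<tr class=',colour(),'><th scope="col">Signature</th>
<td><textarea cols="40" rows="4" name="sig">',htmlspecialchars($user2['sig']),'</textarea></td></tr>
<tr class=',colour(),'><th scope="col">Quote</th>
<td><textarea cols="40" rows="4" name="quote">',htmlspecialchars(str_replace('<br />', '', $user2['quote'])),'</textarea></td></tr>
</table>
<p class="c3"><input type="submit" name="submit" value="Update"/></p>
</form>',"\n";

footer();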